[Unit] Description=vault server Requires=network-online.target{% if config.storage and config.storage.type == "consul" %} consul.service{% endif %} After=network-online.target{% if config.storage and config.storage.type == "consul" %} consul.service{% endif %} [Service] EnvironmentFile=-/etc/sysconfig/vault User={{ user }} Group={{ group }} ExecStart=/usr/local/bin/vault server {% if config.dev_mode %}-dev{% else %}-config="/etc/vault.d/config.hcl"{% endif %} ExecReload=/bin/kill -signal HUP $MAINPID ExecStop=/usr/local/bin/vault operator step-down Restart=on-failure CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK AmbientCapabilities=CAP_IPC_LOCK SecureBits=keep-caps NoNewPrivileges=yes KillSignal=SIGINT [Install] WantedBy=multi-user.target